# Build recipe for ca-certificates (a version from Alpine Linux).
#
# Copyright (c) 2018-2019, 2021-2022 Matias Fonzo, <selk@dragora.org>.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Exit immediately on any error
set -e

program=ca-certificates
version=20220111_d12d01b
release=1

# Define a category for the output of the package name
pkgcategory=networking

tarname=${program}-${version}.tar.lz

# Remote source(s)
fetch="
 https://dragora.mirror.garr.it/current/sources/$tarname
 rsync://rsync.dragora.org/current/sources/$tarname
"

description="
Common CA certificates PEM files.

This package comes from the CA certificates version found in
\"Alpine Linux\".
"

homepage=https://git.alpinelinux.org/cgit/ca-certificates/
license="GPLv2+ | MPLv2.0"

# Source documentation
docs="VERSION"
docsdir="${docdir}/${program}-${version}"

# Limit parallel jobs for this build
jobs=1

build()
{
    unpack "${tardir}/$tarname"

    cd "$srcdir"

    # Add updated source file with the included root certificates
    # https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
    cat "${worktree}/archive/ca-certificates/certdata.txt" > certdata.txt

    # Set sane permissions
    chmod -R u+w,go-w,a+rX-s .

    make -j${jobs} V=1
    make -j${jobs} V=1 DESTDIR="$destdir" install
    strip --strip-unneeded \
     "${destdir}/usr/bin/c_rehash" \
     "${destdir}/usr/sbin/update-ca-certificates"

    # Clean up broken symlinks, if any
    find "$destdir" -print | while read -r file
    do
        if test -L "$file" && test ! -e "$file"
        then
            echo "Deleting dangling symlink: $file"
            rm -f -- "$file"
        fi
    done

    mkdir -p "${destdir}"/etc/ca-certificates/update.d

    # To populate config file
    (
        echo "# Automatically generated by $full_pkgname"
        cd "${destdir}/usr/share/ca-certificates"
        find . -name '*.crt' | sort | cut -b3-
    ) > "${destdir}/etc/ca-certificates.conf"

    # Generate the bundle in similar way as update-ca-certificates would do
    find . -name '*.crt' | sort | while read -r file
    do
	cat -- "$file"
        echo ""
    done > "${destdir}/etc/ssl/certs/ca-certificates.crt"

    # Make run-parts script

cat << "EOF" > "${destdir}/etc/ca-certificates/update.d/certhash"
#! /bin/sh -
exec /usr/bin/c_rehash /etc/ssl/certs

EOF
    chmod 755 "${destdir}/etc/ca-certificates/update.d/certhash"

    # Compress and link man pages (if needed)
    if test -d "${destdir}/$mandir"
    then
        (
            cd "${destdir}/$mandir"
            find . -type f -exec lzip -9 {} +
            find . -type l | while read -r file
            do
                ln -sf "$(readlink -- "$file").lz" "${file}.lz"
                rm -- "$file"
            done
        )
    fi

    # Copy documentation
    mkdir -p "${destdir}/$docsdir"
    cp -p $docs "${destdir}/$docsdir"
}

